Tracking ACL Changes - Using access-list remarks

Apr 25th, 2008

Does anyone have a way to compare current running ACLs against a previously saved copy of the config? Quarterly we need to review the security and it would be nice to run a quick compare to evaluate what has changed since the last quarter and make sure these changes are reflected in our change log as outlined by our corporate security policy.

I'm considering adding access-list remarks to my config to help document it better. I've heard this could clutter the config but using a "show run |exclude remarks" could help when troubleshooting.

Does anyone have any thoughts?
htarra Fri, 05/02/2008 - 12:36

You can use the command "show run | include access-list" and save this copy in a text file. In the next quarter you can again get the output using the same command, copy it and save it in a different file, then compare both files using a variety of free tools available on the internet for this.

michael.leblanc Fri, 05/23/2008 - 15:11

Do a "copy running-config tftp" and compare the transferred file with your prior configuration file, with an application such as the one found at:

The "Beyond Compare" application allows you to view differences between files rapidly.

Has a ton of other features as well.
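
The quarterly comparison described in the replies above, as an added example that is not part of the original thread: a Python script that pulls ACL entries out of two saved configs and reports per-ACL additions and removals in order, optionally ignoring remark lines. The two snapshots, their addresses and remark text are constructed, and the function names are hypothetical.

```python
import difflib
import re

NUMBERED = re.compile(r"^access-list\s+(\S+)\s+(.+)$")
NAMED = re.compile(r"^ip access-list\s+(?:standard|extended)\s+(\S+)$")
# Constructed snapshots standing in for last quarter's and this quarter's saved config.
OLD = """\
access-list 101 remark CHG-PLACEHOLDER web to DMZ
access-list 101 permit tcp any host 192.0.2.10 eq 80
access-list 101 deny ip any any log
ip access-list extended MGMT-IN
 permit tcp 198.51.100.0 0.0.0.255 any eq 22
"""
NEW = """\
access-list 101 remark CHG-PLACEHOLDER web and TLS to DMZ
access-list 101 permit tcp any host 192.0.2.10 eq 80
access-list 101 permit tcp any host 192.0.2.10 eq 443
access-list 101 deny ip any any log
ip access-list extended MGMT-IN
 permit tcp 198.51.100.0 0.0.0.255 any eq 22
"""

def parse_acls(config, keep_remarks=True):
    """Return {acl_name: [entry, ...]} with entries in config order."""
    acls, current = {}, None
    for line in map(str.rstrip, config.splitlines()):
        numbered, named = NUMBERED.match(line), NAMED.match(line)
        if named:                                  # header of a named ACL block
            current, name, entry = named.group(1), named.group(1), None
        elif numbered:                             # one-line numbered ACL entry
            current, (name, entry) = None, numbered.groups()
        elif current and line.startswith(" "):     # indented entry of a named ACL
            name, entry = current, line.strip()
        else:                                      # anything else ends the block
            current = None
            continue
        rules = acls.setdefault(name, [])
        if entry and (keep_remarks or not entry.startswith("remark ")):
            rules.append(entry)
    return acls

def diff_acls(old_config, new_config, keep_remarks=True):
    """Return {acl_name: ['+ entry' or '- entry', ...]} for every ACL that changed."""
    old, new = parse_acls(old_config, keep_remarks), parse_acls(new_config, keep_remarks)
    changes = {}
    for name in sorted(set(old) | set(new)):
        delta = [d for d in difflib.ndiff(old.get(name, []), new.get(name, [])) if d[0] in "+-"]
        if delta:
            changes[name] = delta
    return changes
```

Feed it full saved configs rather than output filtered with `include access-list`: the entries of a named ACL do not contain the string "access-list", so the filter drops them.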

